We have been playing around with permissions in the new SQL Server 2012 SSIS catalog and ran into a stumbling block: we wanted to give the developer team full access to a folder in the SSIS catalog and nothing more.

TLDR:

You can't apply folder permissions via Groups. You have to use User logins.

The Problem:

Allow the Dev team to access a single folder in the SSIS catalog.

The Solution:

Create a folder in the SSIS Catalog called “Project 1”

Add each Dev member to the Instance with a Public Login.

Add each Dev member as a User to SSISDB with Public Rights.

Open Properties to the SSIS catalog folder and select the “Permissions” page

In “Permissions” add each User and give them the restricted permissions you want them to have.
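
The same steps can be scripted in T-SQL, which helps when there are many developers to add. This is an added example, not part of the original post: the login `CONTOSO\dev.one` is a constructed placeholder, and the permission set granted (READ, READ_OBJECTS, EXECUTE_OBJECTS) is an assumption, since the post does not say which permissions were chosen.

```sql
-- Added example. CONTOSO\dev.one is a constructed placeholder login.
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\dev.one')
    CREATE LOGIN [CONTOSO\dev.one] FROM WINDOWS;        -- public server role only
GO
USE [SSISDB];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\dev.one')
    CREATE USER [CONTOSO\dev.one] FOR LOGIN [CONTOSO\dev.one];  -- no extra roles
GO
DECLARE @user sysname = N'CONTOSO\dev.one',
        @folder_id bigint, @principal_id int, @p smallint;

-- Create the folder only if it does not exist yet.
SELECT @folder_id = folder_id FROM [catalog].[folders] WHERE name = N'Project 1';
IF @folder_id IS NULL
    EXEC [catalog].[create_folder] @folder_name = N'Project 1',
                                   @folder_id = @folder_id OUTPUT;

SELECT @principal_id = principal_id
FROM sys.database_principals WHERE name = @user;

-- Assumed permission set: 1 = READ (see the folder), 101 = READ_OBJECTS,
-- 103 = EXECUTE_OBJECTS. Change the list to match what the team needs.
DECLARE @perms TABLE (permission_type smallint);
INSERT INTO @perms VALUES (1), (101), (103);

DECLARE c CURSOR LOCAL FAST_FORWARD FOR SELECT permission_type FROM @perms;
OPEN c;
FETCH NEXT FROM c INTO @p;
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC [catalog].[grant_permission]
         @object_type = 1,            -- 1 = folder
         @object_id = @folder_id,
         @principal_id = @principal_id,
         @permission_type = @p;
    FETCH NEXT FROM c INTO @p;
END
CLOSE c; DEALLOCATE c;

-- Verify: explicit grants on the folder, and confirm the user is not in ssis_admin.
SELECT f.name AS folder_name, dp.name AS principal_name,
       p.permission_type, p.is_deny,
       IS_ROLEMEMBER(N'ssis_admin', dp.name) AS in_ssis_admin   -- expect 0
FROM [catalog].[explicit_object_permissions] AS p
JOIN [catalog].[folders] AS f ON f.folder_id = p.object_id
JOIN sys.database_principals AS dp ON dp.principal_id = p.principal_id
WHERE p.object_type = 1 AND f.name = N'Project 1';
```

Run it as a member of ssis_admin, once per developer login.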

And there you go! It's a hell of a lot more work than using Groups, but it does keep Least Privilege going. I’ve read that you can add a group to SSIS_Admin to keep using Groups, but that will give them full access to the whole catalog.

There is also a Connect item out there which is below:

https://connect.microsoft.com/SQLServer/feedback/details/765980/sql-2012-ssisdb-catalog-all-permission-on-folder-but-still-cant-see-it-without-ssis-admin-if-login-is-a-group